Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS203415.roa
File:                     AS203415.roa (raw, json)
Hash identifier:          BzjaDfbwar4qkM0dTQeCkG7jpdgI2L6hbnOLNW2X22M=
Subject key identifier:   30:8E:4B:D6:C0:67:F6:82:38:66:FD:0F:E2:DC:D9:01:6C:71:2B:D7
Certificate issuer:       /CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
Certificate serial:       771EC8063D4887C2DE4F6DE21AD549CC48AD3E64
Authority key identifier: 79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS203415.roa
Signing time:             Tue 05 Nov 2024 03:40:03 +0000
ROA not before:           Tue 05 Nov 2024 03:35:03 +0000
ROA not after:            Tue 04 Nov 2025 03:40:03 +0000
asID:                     203415
IP address blocks:        2a06:a005:5ac::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:12:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            77:1e:c8:06:3d:48:87:c2:de:4f:6d:e2:1a:d5:49:cc:48:ad:3e:64
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
        Validity
            Not Before: Nov  5 03:35:03 2024 GMT
            Not After : Nov  4 03:40:03 2025 GMT
        Subject: CN=308E4BD6C067F6823866FD0FE2DCD9016C712BD7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:5f:47:4b:48:2e:0f:76:08:77:8e:bc:6f:c8:
                    ff:e7:e9:d2:75:90:13:91:ba:69:66:72:18:42:88:
                    4f:0e:59:ae:b1:9a:90:f3:5a:30:9c:bd:99:1e:86:
                    3b:ac:30:4e:7f:9b:51:01:b2:50:00:28:b6:21:4e:
                    37:f4:f7:b4:0d:10:f8:9a:a2:bb:77:30:97:7c:d1:
                    ca:cf:a9:75:4a:da:f8:9e:44:42:39:aa:7e:b0:b9:
                    12:29:75:a2:00:4b:16:f5:45:6a:42:7d:58:6d:ef:
                    a2:bc:ef:f0:0f:d3:36:46:1c:05:98:40:c4:91:9b:
                    f0:66:e0:31:ce:4d:a0:ed:40:e6:e7:c1:30:77:14:
                    9c:08:43:e9:d9:51:00:fb:f4:85:b1:d8:ad:e5:7d:
                    05:bb:bb:67:ec:c4:81:c8:0e:f4:c8:33:d8:51:e4:
                    85:ce:08:66:6d:18:85:d6:cf:15:5f:31:85:ad:b7:
                    b6:8d:35:1a:60:bb:e0:80:da:c4:f2:60:f9:5d:71:
                    6d:42:a2:32:75:cf:9a:dc:df:e5:5b:56:c7:ca:8b:
                    f5:07:2d:b5:7a:be:52:c3:7f:9b:5e:49:f4:7f:25:
                    2f:1e:ba:32:47:68:df:92:33:44:a1:dc:4e:c9:b8:
                    5c:0f:2b:6c:68:18:41:cb:0b:7c:af:99:9b:60:a4:
                    60:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:8E:4B:D6:C0:67:F6:82:38:66:FD:0F:E2:DC:D9:01:6C:71:2B:D7
            X509v3 Authority Key Identifier:
                keyid:79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS203415.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:a005:5ac::/48

    Signature Algorithm: sha256WithRSAEncryption
         7f:5b:01:09:2d:46:9a:82:ea:cc:2e:93:aa:c7:fc:49:52:8a:
         c0:e3:17:27:45:b0:18:9b:43:7b:9e:bf:c6:dc:e8:d2:4f:51:
         f8:6e:35:0f:82:7b:02:ec:30:7f:38:65:f8:8a:f6:d1:27:c0:
         52:3c:d1:51:c1:df:bd:86:cc:23:12:c7:c2:aa:05:08:8d:19:
         f8:c5:6e:17:60:04:4f:6a:19:74:54:4d:57:9e:f3:59:98:35:
         f5:87:a0:af:e7:a1:cc:cd:3e:d8:9b:37:cc:af:fd:76:b4:bc:
         a4:bd:38:d7:85:82:53:42:e9:b9:37:a8:b3:91:a1:20:dc:24:
         e4:3b:62:ff:ef:dd:d9:86:23:ae:d7:fa:60:50:dc:03:4d:c2:
         9b:9e:5e:5e:e0:b6:1e:e0:2e:a9:4c:9a:af:99:2c:ee:68:ad:
         13:57:c2:5f:3c:e6:9a:25:50:74:3b:83:3e:38:79:53:92:17:
         15:7d:c0:2f:fe:08:69:f9:8f:af:29:b6:3a:cd:4d:d1:78:fa:
         2d:1c:88:c5:b1:dc:30:d5:51:9e:4e:4b:5f:5d:e2:5e:87:2e:
         9f:a6:ee:ea:cc:fd:9e:98:d1:40:66:50:50:94:e8:a2:0f:01:
         2b:bb:12:d2:b8:41:90:a9:b9:45:2f:0f:5b:d9:a7:c0:9e:54:
         13:53:cc:3a
-----BEGIN CERTIFICATE-----
MIIE6DCCA9CgAwIBAgIUdx7IBj1Ih8LeT23iGtVJzEitPmQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzk5NDM4ZjFiMTc2MmFlZWY4YTM1Y2Y0ZTZjYmFlOTc2
OTliZDAyMDAeFw0yNDExMDUwMzM1MDNaFw0yNTExMDQwMzQwMDNaMDMxMTAvBgNV
BAMTKDMwOEU0QkQ2QzA2N0Y2ODIzODY2RkQwRkUyRENEOTAxNkM3MTJCRDcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDPX0dLSC4Pdgh3jrxvyP/n6dJ1
kBORumlmchhCiE8OWa6xmpDzWjCcvZkehjusME5/m1EBslAAKLYhTjf097QNEPia
ort3MJd80crPqXVK2vieREI5qn6wuRIpdaIASxb1RWpCfVht76K87/AP0zZGHAWY
QMSRm/Bm4DHOTaDtQObnwTB3FJwIQ+nZUQD79IWx2K3lfQW7u2fsxIHIDvTIM9hR
5IXOCGZtGIXWzxVfMYWtt7aNNRpgu+CA2sTyYPldcW1CojJ1z5rc3+VbVsfKi/UH
LbV6vlLDf5teSfR/JS8eujJHaN+SM0Sh3E7JuFwPK2xoGEHLC3yvmZtgpGCPAgMB
AAGjggHyMIIB7jAdBgNVHQ4EFgQUMI5L1sBn9oI4Zv0P4tzZAWxxK9cwHwYDVR0j
BBgwFoAUeZQ48bF2Ku74o1z05suul2mb0CAwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvMi83OTk0MzhGMUIx
NzYyQUVFRjhBMzVDRjRFNkNCQUU5NzY5OUJEMDIwLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZVpRNDhiRjJLdTc0bzF6MDVzdXVsMm1iMENBLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC8yL0FT
MjAzNDE1LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEH
AQH/BBMwETAPBAIAAjAJAwcAKgagBQWsMA0GCSqGSIb3DQEBCwUAA4IBAQB/WwEJ
LUaagurMLpOqx/xJUorA4xcnRbAYm0N7nr/G3OjST1H4bjUPgnsC7DB/OGX4ivbR
J8BSPNFRwd+9hswjEsfCqgUIjRn4xW4XYARPahl0VE1XnvNZmDX1h6Cv56HMzT7Y
mzfMr/12tLykvTjXhYJTQum5N6izkaEg3CTkO2L/793ZhiOu1/pgUNwDTcKbnl5e
4LYe4C6pTJqvmSzuaK0TV8JfPOaaJVB0O4M+OHlTkhcVfcAv/ghp+Y+vKbY6zU3R
ePotHIjFsdww1VGeTktfXeJehy6fpu7qzP2emNFAZlBQlOiiDwEruxLSuEGQqblF
Lw9b2afAnlQTU8w6
-----END CERTIFICATE-----